from the time-to-change-those-terms-of-service dept

The ACLU's Jameel Jaffer alerts us to a district court ruling in NY that effectively says that by merely agreeing to AOL's terms of service, you've waived your 4th Amendment rights. The case is the United States v. Frank DiTomasso, where DiTomasso is accused of producing child porn -- with most of the evidence used against him coming from AOL. DiTomasso argues that it was obtained via an unconstitutional search in violation of the 4th Amendment, but judge Shira Scheindlin rejects that, by basically saying that AOL's terms of service make you effectively waive any 4th Amendment right you might have in any such information. To be fair, Scheindlin doesn't get to that conclusion breezily, and earlier in the ruling worries that one can just give up such 4th Amendment rights:

I conclude that it would subvert the purpose of the Fourth Amendment to understand its privacy guarantee as “waivable” in the sense urged by the government. In today’s world, meaningful participation in social and professional life requires using electronic devices — and the use of electronic devices almost always requires acquiescence to some manner of consent-to-search terms. If this acquiescence were enough to waive one’s expectation of privacy, the result would either be (1) the chilling of social interaction or (2) the evisceration of the Fourth Amendment. Neither result is acceptable.

Agreed. So... what's the issue here? Well, apparently AOL's terms of service are so clear to the point that it would monitor your account for illegal behavior that somehow it's okay in this case:

AOL’s policy is quite different. Not only does it explicitly warn users that criminal activity is disallowed, and that AOL monitors for such activity; the policy also explains that “AOL reserves the right to take any action it deems warranted” in response to illegal behavior, including “terminating] accounts and cooperat[ing] with law enforcement.” The policy also makes clear that AOL reserves the right to reveal to law enforcement information about “crimes[s] that [have] been or [are] being committed.” In contrast to Omegle’s policy, which includes only a passing reference to law enforcement — and which gives no indication of the role Omegle intends to play in criminal investigations — AOL’s policy makes clear that AOL intends to actively assist law enforcement. For this reason, I conclude that a reasonable person familiar with AOL’s policy would understand that by agreeing to the policy, he was consenting not just to monitoring by AOL as an ISP, but also to monitoring by AOL as a government agent. Therefore, DiTomasso’s Fourth Amendment challenge fails as to the emails.

I'm not entirely sure how to reconcile those two paragraphs. They seem to directly contradict one another. The fine line of difference here is that the court is saying the 4th Amendment rights aren't "waived," but that DiTomasso effectively "consented" to a search by law enforcement. This seems like a distinction without any real difference.

Still, there is a separate public policy question here. Many internet service providers similarly analyze emails against a hash database of known child porn images to try to catch people sending around child porn -- and there's a reasonable argument to be made that there's a good reason that this is done. In fact, just a few months ago there was news of a similar situation involving a Gmail user, where Google's automated systems alerted NCMEC to potential child porn. But, even given that, it seems troubling to suggest, even in this somewhat narrow manner, that you could effectively give up your 4th Amendment rights just by agreeing to a terms of service. These are the kinds of loopholes that the government is known to jump all over and expand until they effectively swallow the entire rule. And, of course, almost no one wants to claim that they're trying to better defend people engaged in child porn -- but that's how basic fundamental rights get chipped away. You attack those rights against the kind of people that no one wants to defend, and then that removal of rights is expanded to more and more and more people. Even if you're against child porn (and you should be), it should be concerning that a mere terms of service can be seen as official "consent" to law enforcement to a search of otherwise private communications.

from the what's-wrong-with-people-over-there dept

Over the last week, we've been debunking a bizarre "series" of stories over at Huffington Post, which is claiming to be about "the history of email" but is not. It's about a guy, Shiva Ayyadurai, who may have written an implementation of email in the late 1970s, but which was clearly well after email was in widespread use. Ayyadurai's actual program (and as far as I can tell, he has not released any screenshots of what the program actually looked like) may have worked well for the University of Medicine and Dentistry of New Jersey (UMDNJ) where he wrote it as a 14-year-old, but it contributed nothing to the future of email. Beyond email existing in various forms long before that, nothing that happened later in the email space appears to have happened because of Ayyadurai's program. Each of the advancements in email came from elsewhere, with no indication that anyone anywhere was even aware of what Ayyadurai had done in New Jersey.

Ayyadurai has waged an incredibly bizarre public relations campaign, and the more you look at it, the more bizarre it becomes. However, anyone who looks over any of the primary documentation (much of which we've linked to in our previous posts) can only conclude that while Ayyadurai may have independently come up with some ideas, he most certainly did not invent email. It was widely in use. The key arguments in his claim are obviously false, and prey on (1) a misunderstanding or misrepresetation of copyright law and (2) an almost fraudulent misquoting of Dave Crocker, a guy who really was heavily involved in early email efforts. Again, all of that is discussed in the earlier posts.

What I still cannot fathom is how the Huffington Post can stand behind this "reporting." I've now heard from three different HuffPost reporters on the news side who all say that they're horrified that no one at the company has done anything about this. The only official response I got stood by the stories, but actual reporters at the company recognize that their own credibility has been absolutely destroyed by this. It's been pointed out that the five part series is on HuffPo's "blogging" side -- which gives a platform to PR folks with no editorial oversight.

But, because HuffPo does little to separate out its "news" division from those open "blogs," the blogs get filed with all sorts of clearly bogus crap. Much of it gets totally ignored, but some (apparently including PR "guru" Larry Weber and his business partner Shiva Ayyadurai) are willing to exploit the fact that no one recognizes the blogging platform has no editorial review, to pretend that a "reputable source" has "confirmed" the story. Ayyadurai himself keeps pointing to the HuffPo stories as some sort of "vindication" (while hilarious suggesting that I'm being paid off by Raytheon...). He leaves out that these are all blog posts by his friends and partners, put up on the site with no editorial review. Again: every serious look into the history has found that he is not the inventor of email.

And that's why it's so damaging to the good reporting that some actual HuffPo reporters do, to find out that the company won't retract and renounce this series as a PR campaign for a series of blatantly fraudulent claims -- obvious to anyone who looks at the documentation. Even worse, however, is the fact that part of the HuffPo journalism side -- HuffPo Live -- picked up on the completely bogus campaign and did a whole fawning interview with Ayyadurai, never once presenting the evidence that he's fraudulently misrepresenting basic facts. And, contrary to the claims from Huffington Post's PR people, the HuffPo Live articles, written by Emily Tess Katz, do not have any "clarification" -- bogus or not.

I've now asked the author of the HuffPo live stories, Emily Tess Katz, multiple times if she still stands by this story, and she has refused to respond. Journalistic integrity! According to one report, she had said she stood by it, and then deleted the tweet.

We've talked in the past about the concept of "he said/she said" journalism -- what Journalism Professor Jay Rosen likes to call "the view from nowhere" -- in which journalists feel (incorrectly) that "being objective" means giving "both sides equal weight and letting the reader decide." That's bad. Journalism should be about the search for truth.

The thing that's truly baffling here isn't that HuffPo and HuffPo Live are doing "the view from nowhere," but that they're actually actively promoting a lie. It's the view from Bogustan. Rather than promoting the truth or presenting false balance, Huffington Post is actively claiming that a clearly false story is true -- and when presented with reams of evidence on that front, it appears that the company is simply throwing up its hands and hoping the whole story just blows over. Beyond the reporter, I've emailed Huffington Post PR people, and they, too, are now refusing to comment. Meanwhile, some of the company's very good reporters are hanging their heads in shame.

My suggestion: perhaps it's time to start looking for a publication to work for that actually takes journalistic integrity seriously.

from the really-now? dept

We already covered the bizarre situation in which one of the biggest names in PR has "teamed up" with the Huffington Post to write an entirely bogus "series" of stories on the "history of email" that is nothing more than a PR campaign for a liar. V.A. Shiva Ayyadurai claims to have invented email. He did not. We went into great detail on this on Tuesday, so you can check out the history there.

Despite my requests to both Huffington Post and Larry Weber (the PR guy who kicked off the "series"), neither has responded and explained if any money is changing hands here. That means either it is, and Huffington Post is violating FTC rules concerning "paid" posts, or Huffington Post just made it clear that it is willing to post pure bullshit without the slightest bit of fact checking. I'm still not sure which is worse.

Instead, it appears that they've gone forward and posted the latest in the series. Incredibly, they've convinced an MIT professor, Deborah Nightingale, to destroy her own credibility by writing a piece that is supposedly "debunking" the "myths" that everyone puts forth in proving that Ayyadurai is simply wrong in claiming to have invented email. Except the "myths" are not myths, and her debunking does not debunk anything. It just repeats the same false claims (using nearly identical language) as Ayyadurai and his friends in their original posts.

Nightingale cherry picks a few things, presents them in a misleading way, repeats the entirely bogus story about Dave Crocker claiming interoffice email was impossible (which is not at all what he actually said), and then just repeats (almost word for word) Ayyadurai's previously disproven claims. It's clear that the only way they think they can win this debate is to redefine what email is in such a narrow way to pretend that Ayyadurai's specific implementation was the "invention" of email. It's not. It's ridiculous. Here's their definition, according to Nightingale, though more or less repeated word for word by the other posts in the series.

Again, as noted in our post yesterday, nearly all of that was done previously by others (often many years earlier). But Ayyadurai, Weber and Nightingale are pretending that none of that was truly email because it didn't have every single component that Ayyadurai's app had. That's ridiculous. Email is an ever-evolving set of standards. You could just as easily make an equally ridiculous claim that "email" didn't really exist until it also had color highlighting. After all, the offline interoffice mail system had the ability to highlight with colored pens, and email didn't include color highlighting until years later. But, of course, that's ridiculous, because color highlighting doesn't make email.

Email was very much in place long before Ayyadurai's app. It included all the basic concepts of email, including an inbox, folders, to:, from:, subject, cc:, bcc:, etc. Ayyadurai may have written a wonderful new form of electronic messaging, but he didn't "invent" email.

The thing that's amazing here is that Ayyadurai is using one of the oldest trolling tricks in the book, in pretending that everything that he is actually doing is actually being done nefariously against him. Almost everything that he claims people are doing to him are things that he is actually doing himself:

He claims that the attacks are because Raytheon/BBN's entire "identity" is built off of its fake claim to have invented email.

First off, that's not true. Raytheon is a giant multi-billion defense contractor. It doesn't care about who invented email. BBN has a long and well-documented history of a whole bunch of innovations concerning the internet and networked computing. If it didn't invent email (and no one there really claims to have "invented" email anyway -- they say, rightly, that it was a group evolution by a bunch of folks, some at BBN and some elsewhere), its legacy as the core innovators of the internet would still be in place. Instead, the only one whose entire "identity" is built off a fake claim to have invented email is... Ayyadurai. Here's his Twitter page:

His entire Twitter stream is about him claiming to have invented email. Tweet after tweet after tweet are just about those claims.

He has an entire website called "the inventor of email." He's written a book about email, which claims on the front page that he's "the inventor of email":

Oh, and notice the "blurb" on the cover of the book? It's from Larry Weber. Gee...

He claims that others "fabricated a controversy" to deny him his rightful place in history

The only fabricated controversy is by him. There is no controversy. He didn't invent email. But he sure trades off of the claim that big powerful interests are trying to silence him.

He claims that those of us debunking his bogus claim refused to look at the primary documents

This is untrue. We went through the documents in detail and explained why they actually debunk Ayyadurai's own claims. Their "smoking gun" is a paper by David Crocker at RAND from December 1977, in which they falsely claim he said that an interoffice email system was impossible. Yet they never point you to the paper. go read it here. Go read the primary documentation and you'll see that not only did Ayyadurai and his friends/colleagues totally take Crocker out of context, they pulled two totally unrelated sentences from different parts of the report, excised from context, to pretend he said something he did not. Read the whole report and you'll actually see that not only were email systems quite common, lots of folks were developing all sorts of components of an electronic interoffice mail system. Crocker's paper is about one such version, but notes that many others are doing the same, and it includes screenshots of messages that clearly look like email today.

He claims that everyone is trying to rewrite history

He and his friends are the only ones doing so. The history is clear. There is no controversy other than the one that he's manufacturing.

What's bizarre is that the Huffington Post is a willing accomplice in perpetuating this myth -- and why the company won't comment on this, and the nature of its relationship with Weber and Ayyadurai. Again, either the Huffington Post is running a sponsored series without disclosing it (in violation of FTC rules) or it has been totally duped. I've heard from some folks suggesting that this is just the "blogging" side of Huffington Post, where there are no real editorial controls, but that doesn't explain HuffPost Live's multiple segments on this issue, including its bizarre interview with Ayyadurai. That is a journalistic endeavor (or purports to be) that appears to have been totally duped. The series still promises one more article, by Ayyadurai himself, and we expect more of the same rewriting of history, using the exact same phraseology. The question is whether or not Huffington Post will recognize that it's being used as part of an effort to drum up a faux controversy over something that is blatantly untrue.

from the speak-out dept

In honor of the Reset the Net campaign, and the one-year anniversary of the first Ed Snowden revelation, a bunch of big tech companies, including Google, Facebook, Microsoft, Twitter, Apple, DropBox, LinkedIn, Yahoo and AOL, have published an open letter to the Senate asking it to pass real surveillance reform, rather than the weak sauce that the House passed in its massively watered-down USA Freedom Act. At the same time, a lobbyist representing a group of big tech companies specifically warned the Senate that the House version was too weak and needed to be much stronger. This is a good first step, but we need to see the pressure on the Senate ramp up even more.

from the about-time dept

Since the Snowden leaks began we've highlighted that the US internet companies should be furious about the NSA's actions, because it was almost certainly going to harm their ability to get any business outside of the US. Some of the companies seemed to be lying low, and we argued they should be speaking out and fighting back. While many of them did decide to sue for greater transparency, we argued that transparency was just one issue, and not even the most important one. About a month ago, with the revelations of the NSA infiltrating data centers, it appeared to finally dawn on the major internet companies that this was a serious issue.

Increase Oversight and Accountability (such as by making FISA an adversarial process)

Transparency About Government Demands

Respecting the Free Flow of Information

Avoiding Conflicts Among Governments

With the website, they've also sent a specific open letter to the government highlighting why this is important, focusing on the rights of individuals and the ability to keep their information private.

We understand that governments have a duty to protect their citizens. But this summer’s revelations highlighted the urgent need to reform government surveillance practices worldwide. The balance in many countries has tipped too far in favor of the state and away from the rights of the individual — rights that are enshrined in our Constitution. This undermines the freedoms we all cherish. It’s time for a change.

For our part, we are focused on keeping users’ data secure — deploying the latest encryption technology to prevent unauthorized surveillance on our networks and by pushing back on government requests to ensure that they are legal and reasonable in scope.

We urge the US to take the lead and make reforms that ensure that government surveillance efforts are clearly restricted by law, proportionate to the risks, transparent and subject to independent oversight.

Some will, undoubtedly, argue that this is all just noise for the sake of public perception, but compare what these companies are doing to the major telco companies, which not only have refused to comment on all of this, but have actively fought efforts by their own shareholders to make them just slightly more transparent (up to the level many internet companies were even before the Snowden leaks).

The question, now, is how much effort these companies will really put into getting Congress to change the laws. There are a number of different bills in Congress. Having the tech companies assist the efforts for real reform would certainly be helpful.

“[Y]our company’s People+ product in essence has made wholesale use of CrunchBase content to simply replicate what CrunchBase does,” wrote Grossman in another letter to the startup. The app, Grossman adds, “duplicates what CrunchBase offers in order to compete directly with us.”

Except, of course, that's entirely allowed under the license in question. So AOL is simply wrong here. Amusingly, AOL is trying to get around its blatant wrongness from a different direction, claiming that the scraping of the data abused the terms of their API that makes the use of the data improper:

That’s because Pro Populi downloaded the database through the CrunchBase API, a digital interface that allows anyone access to the data. Buried in the terms-of-service for the CrunchBase API is this caveat: AOL “reserves the right to continually review and evaluate all uses of the API, including those that appear more competitive than complementary in nature.” And AOL “reserves the right in its sole discretion (for any reason or for no reason) and at anytime without notice to You to ... terminate your rights” to use “any CrunchBase content.”

That clause is completely bogus. AOL can decide to forbid someone from using the API if they feel it violates their terms, but they cannot "terminate" the license to use the content. The content is free to use under the license, and there's nothing AOL can legally do about it -- other than lie and be a bully, which appears to be the choice the company has made. Thankfully, EFF is now representing Pro Populi and has sent a detailed letter explaining all of this to AOL. Hopefully, next time, their lawyers will actually understand their own licenses before misrepresenting them in bogus threat letters.

from the more-of-that-please dept

We've been arguing since the beginning of the Snowden leaks, that the tech industry should be much angrier than it is about all of this, because the fallout and blowback from this is going to impact these companies quite a bit. To date, the big tech companies have been fighting back, but it's mostly focused on the transparency issue, arguing in court that the gag orders barring them from talking about what the government has legally compelled them to do, is a violation of their First Amendment rights. And that's correct and an important fight, but we've been disappointed that the tech companies haven't supported even greater reforms and changes, including greater privacy protections. But that might be changing.

Obviously, the news of the NSA infiltrating private network links between data centers should make these companies even angrier. It appears that Google is getting there, though Yahoo still doesn't seem to realize what just happened.

However, in an interesting move that at least hints at potential further realization from the tech industry that they need to support user privacy rights, the big guys -- Google, Facebook, Apple, Microsoft, Yahoo and AOL -- have all sent a letter to Congress in support of the USA Freedom Act. In it, they once again talk up the importance of greater transparency. But, also, for the first time that I can remember, they appear to be arguing for even more:

Transparency is a critical first step to an informed public debate, but it is clear that more needs to
be done. Our companies believe that government surveillance practices should also be reformed
to include substantial enhancements to privacy protections and appropriate oversight and
accountability mechanisms for those programs.

And, even with the letter being sent today, it was almost certainly written and approved before yesterday's revelations -- meaning that this was before they realized the NSA was trying (and succeeding) to backdoor into their networks without their knowledge. Hopefully they'll start pushing for even more significant reforms as well. Some have argued that the tech industry has been complicit in the NSA surveillance efforts, while others have suggested they were compelled, or even tricked/hacked into it. The evidence suggests a combination of all of those factors (in varying degrees across the different companies). But if they want to actually regain the trust of their users, they should stand up for the rights of their users and support the efforts to create real change and to stop illegal surveillance, rather than just increasing transparency.

from the chilling-effects dept

The war on journalism isn't coming from just the federal government. Over in Illinois, a judge has fined Joseph Hosey, an editor for the AOL-owned hyperlocal news site, Patch, $1,000 plus court costs, plus $300 per day for
refusing to reveal his sources on a certain story. This is pretty important. Having a journalist reveal sources basically ends that reporter's career as a serious investigative reporter because no source will trust that their information will be secret again. By definition, having the government require someone to do so certainly seems like a First Amendment violation, as it's a clear restriction on the freedom of the press. In addition, while we're skeptical of journalism shield laws (and how they can be used to exclude journalists, rather than include them), Illinois does have a shield law. Thankfully, Patch is appealing this ruling.

from the the-details-matter dept

This has been rumored for ages, and the White House has certainly been pushing for this almost non-stop for years, but in a similar vein to the ISPs and the RIAA/MPAA coming to a "voluntary agreement" to implement a six strikes policy, the major online ad networks, led by the Internet Advertising Bureau (IAB) along with Google, Microsoft, Yahoo and AOL (and, yes, with the White House) have come to an agreement to stop their ads from appearing on "rogue" sites that are engaged in copyright infringement or selling counterfeit goods via a series of "best practices." The agreement says that the various ad networks who are participating will strive to keep their ads off of sites "that are principally dedicated to selling counterfeit goods or engaging in copyright piracy and have no substantial non-infringing uses."

I have some concerns about this, as I'll discuss below, but on the whole it appears that there's actually some good to come out of this. First off, it's worth noting that all of these guys already have terms of service that bar the use of their ads on sites that primarily engage in such things. While various tech industry haters still tend to believe otherwise, the tech industry has been pretty good at keeping their ads directly away from such sites for years. The ads that tend to get on those sites come from tiny third party ad networks that no one has heard of. In fact, some of the "evidence" against Megaupload was that from very early on, Google kicked it out of its ad program.

Another sign that this agreement probably isn't that bad: the MPAA has already put out a statement about how they hate it, saying that it's not enough. Chris Dodd specifically argues that nothing is going to be enough until everyone else does the copyright holders' job for them, and proactively polices the internet. The fact that no one but the copyright holder can know for certain if something is infringing is not even allowed to enter the discussion in the corrupt minds of the MPAA.

In this case, it appears that this new agreement involves something of a more formalized notice and (possible) takedown system. Copyright holders can submit a complaint to each ad network (individually, not to some central authority), and then the ad network gets to decide how it handles the notice -- but, under the best practices, they will strive to keep their ads from appearing on such sites. Since this is just a voluntary agreement, unlike, say, the DMCA, there's no automatic liability shifting in refusing to pull the ads -- and the agreement makes it clear that the best practices themselves do not establish liability, nor do they create a duty to proactively monitor (though, I could see how copyright holders might later try to raise that issue).

The good thing about this program is that it appears those who worked on it clearly recognize that certain copyright holders may be a little over eager in claiming certain sites are "pirate" sites when they might not be. So the program is designed to be more transparent and to include the clear ability for a site to appeal such a decision and get the ad networks to reconsider. In some ways, this is a step forward from the way it was before, in which Google or others might just kick you out of the program with almost no communication and absolutely no right of appeal. In fact, Google is somewhat infamous for its big white monolithic response to kicking people out of its ad network: basically just telling them "you've violated our terms" with no explanation, no way to find out more, and no way to appeal. Adding an actual appeals process is a step up.

That said, there are still two key concerns here. The first is that even with an appeals process and various safeguards, it's quite likely that legitimate sites that have significant non-infringing purposes will still get caught up in this. We've seen too many false takedowns, false attacks and the like for that not to happen. And even with an appeals process, losing your entire ad network for a period of time can completely sink a small business (and, any site making money on these kinds of ad networks is, by definition, a small business -- because none of these ad networks pay out very much to individual sites).

The second concern is a bigger one: which is that if you look at the history of some of the most important innovations that have helped the content industry grow, they almost always start out as what those content industries deemed "principally dedicated to infringing activity." In the early days of radio, cable TV, VCRs, DVRs, mp3 players, YouTube, etc... they were all attacked as being hotbeds of infringement. Yet, as they grew in popularity, business models developed that helped the content industry tremendously. As I've pointed out in the past, it was only four years after Jack Valenti declared that the VCR was the "Boston Strangler" of the movie business that the home video business surpassed the box office in revenue for Hollywood. Yet, if we allow a system where the copyright holders are able to simply starve these new businesses completely before they've had a chance to develop and mature, I worry that we miss the next VCR, the next DVR, the next mp3 player, the next YouTube -- and whatever tool that comes next that allows content creators to do an even better job connecting with fans, creating new works, distributing new works, promoting those works and eventually monetizing those works.

It's easy to simply try to label all new upstarts as "evil" and kill them off, but history has shown that's generally not a very good idea. The reason those upstarts are successful is not that they enable infringement, but rather that they enable something new and useful that people want and like. The real opportunity is in figuring out ways for content creators to use that to their advantage -- and I fear that programs like this make it easier to simply snuff them out too early.

That said, if there needs to be such a program, this one appears to be the least destructive approach. It doesn't create liability or a proactive duty to police the internet. It allows the networks to make the final call on what do with complaints. It gives the accused sites the ability to appeal whatever decisions are made. Either way, I would imagine that the MPAA and the RIAA already have their incredibly long lists of sites ready and are submitting them everywhere they can... and within a few weeks we'll watch them issue statements about how the new program isn't working and how more needs to be done.

from the details-details-details dept

Late on Friday, the NY Times released the most detailed explanation to date of the PRISM system that was revealed on Thursday, claiming that nine of the biggest tech and internet companies were working with the NSA to give them "direct access" to servers. The explanation explains how both the original story was substantially true, as were the "denials," though the denials were (as predicted) a bit of doublespeak. Today, the Guardian revealed another slide from the presentation it has, which clarifies some more details.

Basically, it appears those companies all agreed to make it easier for the NSA to access data that was required to be handed over under an approved FISA Court warrant, and they appear to do this by setting up their own servers where they put that information (and just that information). From the NY Times report:

But instead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information, they said.

The data shared in these ways, the people said, is shared after company lawyers have reviewed the FISA request according to company practice. It is not sent automatically or in bulk, and the government does not have full access to company servers. Instead, they said, it is a more secure and efficient way to hand over the data.

This is significantly less worrisome than the original Washington Post report, which suggested full real-time access to all servers. That's not quite what has happened, according to this report. This involves cases where the companies really do need to hand over this information. We can disagree with whether or not the FISA Court should issue these warrants, but at some point there may be information that the companies do need to hand over to the government. As for the Guardian, they published the following slide:

As you can see, it notes multiple programs where they can get data. The programs on top are the ones such as the NSA servers installed at telcos to collect all traffic running through them, which have been revealed before. The program on the bottom is PRISM, which clearly states: "collection directly from the servers of these U.S. Service Providers," followed by the already known list. That certainly confirms the "direct access" claim from the original WaPo report, but it could also be true in conjunction with the NY Times report, if you look at it as the companies setting up special servers where they place information they're ordered to hand over via FISA court orders. The "denials" from the companies are also substantially true, as they mean that the NSA isn't getting direct access to all their servers, but rather the ones set up for handing over this information.

The real question should be about what information the FISA Court is approving warrants over:

FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms, lawyers who work with the orders said. There were 1,856 such requests last year, an increase of 6 percent from the year before.

In one recent instance, the National Security Agency sent an agent to a tech company’s headquarters to monitor a suspect in a cyberattack, a lawyer representing the company said. The agent installed government-developed software on the company’s server and remained at the site for several weeks to download data to an agency laptop.

In other instances, the lawyer said, the agency seeks real-time transmission of data, which companies send digitally.

Note just how broad some of those searches may be. Staying around for weeks to download logs? We're not talking about narrowly focused searches here.

Of course, what's now also come out is that, despite Google and Microsoft releasing transparency reports about government requests for data, they don't include FISA requests because of the gag orders on them. It's only recently that both Google and Microsoft were able to include "range" numbers for how many national security letter requests they get. One hopes they're pushing to be transparent on FISA requests as well.

The article makes it clear that Twitter was alone among the companies in refusing to join this program. That does not mean that Twitter does not hand over data to the government when receiving a legitimate FISA order. I'm sure it does. But it does mean that they have not set up a special system to make it easy for the government to just log in and get the data requested. Some people have suggested that the government has little need for Twitter to join the program since nearly all Twitter information is public, but that's not true. There is still plenty of important information that might be hidden, including IP addresses, email addresses, location information and direct messages that the NSA would likely want. Besides, YouTube is a part of the program, and most of its data is similarly "public."

This is not, by the way, the first time that we've seen Twitter stand up and fight for a user's rights against a government request for data. Over two years ago, we pointed out that Twitter, alone among tech companies, fought back when a court ordered it to hand over user info. Twitter sought, and eventually got, permission to tell the user, and allow that user to try to fight back. It later came out that, as part of that same investigation, the government also had requested information from Google and Sonic.net, with Sonic.net fighting back and losing. It never became clear whether Google fought back.

Separately, however, Chris Soghoian has noted that an "unnamed company" fought back and lost against a FISA court order... and that, according to the PowerPoint presentation, Google "joined" PRISM just a few months later. It is possible that Google fought joining the program, and then only did so after losing in court. That said, Google's most recent denial insists that "the government does not have access to Google servers—not directly, or via a back door, or a so-called drop box." Perhaps they don't consider a special server set up for lawfully required information a "drop box," but others certainly might.

In the end, it appears that the initial Washington Post report was overblown in that it suggested direct access to all servers, rather than specific servers, set up to provide information that was required. That said, it is still true that the FISA Court appears to issue a fair number of secret orders for information from a variety of technology companies, some of them quite broad, and that many of the biggest tech companies have set up systems to make it easier to give the NSA/FBI and others access to that info -- though, they are often required by law to provide that information. The real outrage remains that all of this is happening in complete secrecy, where there is little real oversight to stop this from being abused. As we noted just a few weeks ago, the FISA Court has become a rubber stamp, rejecting no requests at all in the past two years.

Given the revelations of the past week, the public (and our representatives) need to demand much more transparency and oversight concerning these surveillance programs.